  • Authenticate/LDAP Authorize/RDBMS

    Our application needs to Authenticate against LDAP, but we probably won't get the permission we need to add our specific authorization needs in our LDAP tree. Is it possible with Acegi to Authenticate against one, but Authorize against another?

    How would you go about doing it?

    Thanks,

    Bryan

  • #2
    With the current code I don't think you can do this. You can use the defaultRole property to assign a generic role to any user who authenticates via LDAP, otherwise a BadCredentialsException will be thrown. Unfortunately I don't think that any of the default "out-of-the-box" AuthenticationProviders from ACEGI support authenticating from one source and authorizing from another - this would be a cool feature, but if you need it you may have to code it yourself; probably by extending PasswordDaoAuthenticationProvider.


    • #3
      Our application needs to Authenticate against LDAP, but we probably won't get the permission we need to add our specific authorization needs in our LDAP tree. Is it possible with Acegi to Authenticate against one, but Authorize against another?
      This would be a very nice feature to have. Besides the point regarding permissions to write to LDAP, oftentimes only minimal authentication info is stored in LDAP, as various apps typically have app-specific info that they need associated with the user/roles, which they end up storing in the application-specific database.

      Sanjiv


      • #4
        Yeah I've thought of that. I'd like to tackle something along the lines of splitting the authentication/authorization, at least to the point of offering an initial implementation that can be considered (this is something that is beyond the scope of 'just' LDAP). Currently I am working on a couple of refinements to the LDAP-Dao, and I am pretty busy with other things, but it is a feature that I would like to see at some point (I also want to investigate CAS to see what features along these lines it might have).


        • #5
          Originally posted by rrsIPOV
          probably by extending PasswordDaoAuthenticationProvider.
          This is exactly what I did. I just made the:

          public UserDetails loadUserByUsernameAndPassword(String username, String password) throws DataAccessException, BadCredentialsException

          Authenticate against LDAP and Authorize against our database. The only mildly tricky part was making sure that the correct exceptions were thrown at the right parts of the process; even that was trivial, though.

          Thanks,

          Bryan


          • #6
            Is there any chance to see the source code of this extension?

            I have been struggling doing this, it looks like I have not been able to throw the exceptions properly. Is there any available source code or examples?

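The split described in post #5 (bind to LDAP to check the password, then read roles from the application database), as an added example that is not code from any poster or from Acegi. It uses only JDK classes; the class name, DN layout and `app_user_roles` table are assumptions. In Acegi this body would sit behind the `loadUserByUsernameAndPassword` signature quoted above, with `SecurityException` standing in for `BadCredentialsException` and `IllegalStateException` for `DataAccessException`.

```java
import java.sql.*;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

// Added example: every name, URL and table below is an assumption.
public class LdapAuthnJdbcAuthz {
    private final String ldapUrl;    // placeholder, e.g. "ldaps://ldap.example.org:636"
    private final String userDnBase; // placeholder, e.g. "ou=people,dc=example,dc=org"
    private final String jdbcUrl;    // application database that holds the roles

    public LdapAuthnJdbcAuthz(String ldapUrl, String userDnBase, String jdbcUrl) {
        this.ldapUrl = ldapUrl; this.userDnBase = userDnBase; this.jdbcUrl = jdbcUrl;
    }

    /** Returns the roles; SecurityException = bad credentials, IllegalStateException = backend failure. */
    public List<String> loadRoles(String username, String password) {
        // A simple bind with an empty password is an unauthenticated bind that many
        // servers accept, so reject it before it ever reaches LDAP.
        if (username == null || username.isEmpty() || password == null || password.isEmpty())
            throw new SecurityException("Bad credentials");
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Escape the name so user input cannot change the structure of the DN.
        env.put(Context.SECURITY_PRINCIPAL, "uid=" + Rdn.escapeValue(username) + "," + userDnBase);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();   // a successful bind is the authentication
        } catch (AuthenticationException e) {     // wrong password or unknown user
            throw new SecurityException("Bad credentials");
        } catch (NamingException e) {             // server down, TLS failure, ...
            throw new IllegalStateException("LDAP unavailable", e);
        }
        List<String> roles = new ArrayList<>();
        String sql = "SELECT role FROM app_user_roles WHERE username = ?";
        try (Connection c = DriverManager.getConnection(jdbcUrl);
             PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, username);            // bound parameter, never concatenated
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) roles.add(rs.getString(1));
            }
        } catch (SQLException e) {
            throw new IllegalStateException("Role lookup failed", e);
        }
        // Authenticated in LDAP but unknown to the application: fail closed.
        if (roles.isEmpty()) throw new SecurityException("Bad credentials");
        return roles;
    }
}
```

Keeping the two failure kinds apart matters for monitoring: a burst of bad-credential errors points at password guessing, while backend errors point at an outage and should never be reported to the user as a wrong password.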